[Nagiosplug-devel] Checking for unknown NIS servers?
John P. Rouillard
rouilj at cs.umb.edu
Mon Feb 13 12:00:06 CET 2006
In message <43F0BF02.6070005 at op5.se>, Andreas Ericsson writes:
>C. Bensend wrote:
> [some other attributions lost in response]
>>>contact the individual addresses? my assumption was that for
>>>NIS broadcasting you simply put some noise on the wire, and any
>>>masters on the local network segment responded.
>> Personally, I need something like:
>>
>> check_nis -d domain1,domain2 -x -s server1,server2
>>
>> ... that will return a non-OK value if any _more_ servers respond,
>
>And this is where the trouble lies. How long should we wait for any
>other server to respond, and how many broadcasts should we send?
>
>> other than server1 or server2, such as an unintentional or rogue
>> server3 answering the broadcast.
>>
>> I know I can't code it, but I could certainly help test it if
>> someone were to take a shot. :)

>A much better way is to set up a daemon which listens to broadcasts and
>shouts out loud if it hears one from the wrong server.

IIRC the client broadcasts for the server. The server replies using
the client's IP address. So it's not a broadcast response, but a
niswatch (doesn't look like Google knows of a niswatch that does this)
type daemon (sort of like arpwatch) would work if you have a port on
your switches that can be used to monitor all traffic looking for the
response.

You can probably cobble something together from tcpdump and Nagios
passive service results.

>You still have to
>implement the NIS protocol (partially) but you can get rid of the
>problem of having plugins run with elevated privileges and determining
>how long to wait.

Well, you can use regular network NIS traffic as your probe and just
look for incorrect responses.

-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
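
The tcpdump-plus-passive-results idea from the message above, as an added example that is not part of the original post: it reads `tcpdump -n -tt` lines, flags any responder that is not a known NIS server, and formats a Nagios `PROCESS_SERVICE_CHECK_RESULT` line. Assumptions: the capture filter already selects only NIS server replies on the monitor port, and the addresses, host name, service name and sample lines are constructed.

```python
import re
import time

# Assumption: the NIS servers allowed to answer on this segment (constructed addresses).
ALLOWED_SERVERS = {"192.0.2.10", "192.0.2.11"}

# Source address of an IPv4 line as printed by `tcpdump -n -tt`:
#   <epoch> IP <src>.<sport> > <dst>.<dport>: ...
LINE_RE = re.compile(r"^\d+(?:\.\d+)?\s+IP\s+(\d{1,3}(?:\.\d{1,3}){3})\.\d+\s+>\s")

# Constructed sample capture; every line is assumed to be a NIS server reply.
SAMPLE = """\
1139828406.100000 IP 192.0.2.10.834 > 192.0.2.50.1021: UDP, length 28
1139828406.200000 IP 192.0.2.66.901 > 192.0.2.50.1021: UDP, length 28
1139828407.300000 IP 192.0.2.11.834 > 192.0.2.51.1019: UDP, length 28
1139828409.400000 IP 192.0.2.66.901 > 192.0.2.52.1020: UDP, length 28
""".splitlines()


def find_unknown_servers(lines, allowed):
    """Return {source_ip: reply_count} for responders not in the allowed set."""
    unknown = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 packet line; ignore it
        src = m.group(1)
        if src not in allowed:
            unknown[src] = unknown.get(src, 0) + 1
    return unknown


def passive_result(host, service, unknown, now=None):
    """Format one Nagios external command line carrying the passive result."""
    now = int(time.time()) if now is None else now
    if unknown:
        seen = ", ".join(f"{ip} ({n} replies)" for ip, n in sorted(unknown.items()))
        code, text = 2, f"CRITICAL - unknown NIS server(s): {seen}"
    else:
        code, text = 0, "OK - only known NIS servers replied"
    # ';' separates fields in the command line, so keep it out of the output text.
    text = text.replace(";", ",").replace("\n", " ")
    return f"[{now}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{code};{text}"


if __name__ == "__main__":
    # Hypothetical host/service names; append the line to Nagios's external command file.
    rogue = find_unknown_servers(SAMPLE, ALLOWED_SERVERS)
    print(passive_result("nis-segment", "Unknown NIS servers", rogue))
```
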